-
Sep 25, 2009
Update: In the Oct 2011 issue of the assessor updates, the PCI SSC has addressed the use of logos. “PCI DSS Compliant”, “PCI DSS Ready”, and other variations that combine a portion of the SSC’s official logos with an organization’s own marketing text and/or graphics is not permitted, either in printed marketing collateral, business cards, or web sites.
The PCI SSC is a standards-setting body, and makes no determination as to any individual organizational compliance status. The use of such unauthorized logos not only creates confusion in the marketplace by mistakenly implying recognition of a compliance status, or the endorsement of, an organization by the Council, but also the use of these logo variations constitutes an infringement of the Council’s trademark and copyright rights, and the PCI SSC is obligated to enforce its intellectual property rights in order to further the organization’s mission and objective.
With this in mind, should you receive inquiries on this topic, please ensure your clients understand the role the Council plays in the compliance process; that we do not determine compliance, and that their use of these logos is not permitted.
Original post continues…
I just read an article in SC Magazine that says that some vendors are calling for a logo that can be displayed by PCI compliant companies. The idea is that being compliant can be used as a marketing tool and that a lot of companies are not able to communicate the impact of being compliant properly. If they had a logo on their website, people would know right away.
Continue reading "Logo for PCI Compliance?" »
-
Sep 24, 2009
Almost all the major data breaches that have happened in the last 2 years have involved companies that were supposed to be PCI compliant. If being compliant meant that they were secure, then how could they have been breached?
Continue reading "PCI Compliance does not equal security" »
-
Sep 20, 2009
Authentication is an important component of security. Almost every web application published on the internet uses some authentication to identify a user as a valid user, authorized to use the application. A user may have to remember and regularly use so many passwords that they get confused. What if an application could identify you automatically, based on your computer (or any other device)?
Continue reading "Using device fingerprints for security" »

